EDITORS’ WORD

Dear Readers,

We would like to introduce a new issue made by the BSD Team. This time you will deal with Unix and FreeBSD topics. You will learn more about the basic semantics of Unix United and you will learn how to start terminal in Unix. Reading our step-by-step tutorials will give you professional expertise in the subjects presented. You will get to know how to use the FreeBSD’s procstat API in a web context. David will present this topic to you in his article which can be found on page 14.

Most of you are very familiar with FreeNAS, and I would like to invite you to read the Expert Says column to check out “What's the Difference Between TrueNAS and FreeNAS? Is TrueNAS Just FreeNAS Installed on a Server?” All your questions will be covered in this article written by Brett Davis.

In this issue we also continue to write about the Raspberry Pi and I hope those of you who need and want to expand the knowledge on this topic will find the article by Jerry Craft very useful and interesting.

Finally, please do not forget to see the next column by Rob Somerville. This time you will also find two new materials prepared especially for you. We decided to start publishing the monthly news from the BSD world for you. We selected the best news about products, OSes and events from the last month and we announced the upcoming conferences to keep you up-to-date. The second one is a Quiz prepared by Rob Somerville. You will find the quiz next to the News column and the answers are published on the last page of the issue. This way you can test your knowledge. Have great fun!

As always, I would like to thank you all for really great articles and your willingness to help me create this issue of BSD magazine.

Enjoy reading!
Ewa and BSD Team
CONTENTS

NEWS

BSD World Monthly News
BSD Team
This column presents the latest coverage of breaking news events, product releases and trending topics of the BSD world.

The BSD Magazine Summer Quiz
Rob Somerville

FreeBSD Corner

Using the FreeBSD’s Procstat API in a Web Context
David Carlier
Among the numerous specific features of FreeBSD, there is a famous command line to dump the statistics of the various current processes, procstat. Its internal API is fortunately exposed via the well named libprocstat library. Let’s imagine we want to display it via a web page so for this article, we're going to use CppCms, one of the good quality C++ web development frameworks with the current FreeBSD 10.2 release version.

Expert Says...

“What’s the Difference Between TrueNAS and FreeNAS? Is TrueNAS Just FreeNAS Installed on a Server?”
Brett Davis
If you look at the software feature list, there aren't a ton of differences. So really... what’s the difference?

Unix

UNIX Basics
Samanvay Gupta
UNIX United is the architecture for a distributed system based on UNIX. Any program written for a normal UNIX system can be transparently extended to exploit the richer environment of UNIX United. As it relies on having a UNIX system beneath it, the implementation of UNIX United is called the Newcastle Connection. Samanvay explains the basic semantics of UNIX United and is followed by that of the architecture implied by the protocol between components in a UNIX United system, network basics and of a software structure appropriate to the architecture and the protocol.

UNIX — How To Start Terminal?
Nitin Kanoija
UNIX is a multiuser operating system which is available in many flavours, like Oracle Solaris, HP UNIX, IBM AIX, FreeBSD, and MacOS. It was developed by Ken Thompson and Dennis Ritchie at AT&T Bell Laboratories in the late 1960's. In 1978, AT&T’s UNIX seventh edition was split off into Berkeley Software Distribution (BSD). This version of the UNIX environment was sent to other programmers around the country, who added tools and code to further enhance BSD UNIX.

How About Some Raspberry Pi?
Jerry Craft
The love for figuring out how a computer functioned wasn’t part of the college application. Eben discovered kids were no longer writing programs and taking apart circuit boards. Instead, they were playing video games or using the family computers to update MySpace/Facebook posts. Kids didn’t have access to a computer they could blow up or really get into and discover how a computer functions. The hacking instinct was gone. Instead, kids going into college for computer science were “...consumers of computers.” (Mann)

Column

With the latest successful hacking attempt on the edgy Ashley Madison dating site, what are the ethical and security implications as a new thinking infiltrates the deeper and darker sides of human nature?
Rob Somerville

Review

How to Use eEye Retina on Red Hat/UNIX/Linux Systems
Rebecca Wynn
You can use eEye Retina on Red Hat/UNIX/Linux systems. In the article below, you can find some details how to make it.
The FreeBSD Team announced that FreeBSD 10.2 is available now. This is the stable version which improves on the stability of FreeBSD 10.1-RELEASE and has the new features. The most relevant features are:

• The resolvconf(8) utility has been updated to version 3.7.0, with improvements to protect DNS privacy.
• The ntp suite has been updated to version 4.2.8p3.
• A new rc(8) script, growfs, has been added, which will resize the root filesystem on boot if the /firstboot file exists.
• The Linux® compatibility version has been updated to support CentOS™ 6 ports.
• The drm code has been updated to match Linux® version 3.8.13, allowing running multiple X servers simultaneously.
• Several enhancements and updates for improved FreeBSD/arm support.
• Several ZFS performance and reliability improvements.
• GNOME has been updated to version 3.14.2.
• KDE has been updated to version 4.14.3.
• And much more...

FreeBSD 10.2-RELEASE is available now for the amd64, i386, ia64, powerpc, powerpc64, sparc64, and armv6 architectures and it can be installed from bootable ISO images, or it can be installed from a USB memory stick. The required files can be downloaded via FTP.

https://www.freebsd.org/releases/10.2R/announce.html

The PC-BSD team announced that RC1 images for the upcoming 10.2 release are available now to download. The new improvements of PC-BSD 10.2 are:

• FreeBSD 10.2 base system
• Many bugfixes and enhancements to installer to dual-boot setups
• New CD-sized network installation media, with WiFi Configuration via GUI
• Switched to “iocage” for jail management backend
• Disk Manager GUI now available via installer GUI
• Bug-fixes and improvements to Life-Preserver replications
• Improved localization options for login manager
• Options to Enable / Disable SSHD or IPv6 at installation
• New “Plugins” system for AppCafe, allowing download of pre-built jail environments
• Improvements to look-n-feel of AppCafe for package management
• Improved fonts and better support for 4K monitor setups
• Enterprise package repo, which only has security updates, allowing users to run a server / desktop or jail with fairly consistent package versions.
• FireFox 39.0
• Chromium 43.0.2357.134
• Thunderbird 38.1.0
• Lumina 0.8.6

10.2-RC1 DVD/USB media can be downloaded from the following URL via HTTP or Torrent.

http://download.pcbsd.org/iso/10.2-RELEASE/edge/amd64/


The New “FreeBSD Mastery: ZFS” Book

ZFS, the fast, flexible, self-healing file system, revolutionized data storage. Leveraging ZFS changes everything about managing FreeBSD systems. With FreeBSD Mastery: ZFS, you'll learn to:

• understand how your hardware affects ZFS
• arrange your storage for optimal performance
• configure datasets that match your enterprise’s needs
• repair and monitor storage pools
• expand your storage
• use compression to enhance performance
• determine if deduplication is right for your data
• understand how copy-on-write changes everything
• snapshot file systems
• automatically rotate snapshots
• clone file systems
• understand how ZFS uses and manages space
• do custom FreeBSD ZFS installs

Michael W Lucas
Allan Jude

Whether you're a long-term FreeBSD administrator or a new user, FreeBSD Mastery: ZFS will help you simplify storage.

https://www.michaelwlucas.com/nonfiction/freebsd-mastery-zfs
https://www.freebsdmall.com/cgi-bin/fm/bsdmzfs?id=UGkGF4io&mv_pc=194


vBSDcon 2015: September 11-13

vBSDcon will be held on September 11-13, 2015 at the Sheraton in Reston, Virginia. This event will bring together all the BSD community members for a series of roundtable discussions, educational sessions, best practice conversations, and exclusive networking opportunities. You will meet the speakers: Brian Callahan, Bryce Chidester, Michael Dexter, Allan Jude, George Neville-Neil, Pierre Pronchery, Jim Thompson, Willem Toorop, Chang-Hsien Tsai, Shawn Webb, Christos Zoulas and the topics for this year are:

• Supporting a BSD Project
• FreeBSD Virtualization Options
• Made to Measure: Network Performance Analysis in FreeBSD
• What is EdgeBSD?
• blacklist’d: A NetBSD Project
• getdns, A New Stub Resolver
• Interesting things you didn’t know you could do with ZFS
• HardenedBSD Internals
• Improving MemGuard Support for UMA on FreeBSD
• Devio.us, the Free OpenBSD Shell Provider and Online *BSD User Group: Technical and Social Lessons Learned from Half a Decade of Service

www.vBSDcon.com

EuroBSDcon 2015

EuroBSDcon is the premier European conference on the open source BSD operating systems attracting about 250 highly skilled engineering professionals, software developers, computer science students and professors, and users from all over Europe and other parts of the world. The goal of EuroBSDcon is to exchange knowledge about the BSD operating systems, facilitate coordination and cooperation among users and developers.

Tutorials will be held in the main conference hotel on Thursday 1st and Friday 2nd of October. The EuroBSD Conference will be on Saturday 3rd and Sunday 4th of October at Stockholm University. You will be able to take the BSD Administration Certificate Exam at the EuroBSDCon 2015. Dru Lavigne has offered to run examinations for people wanting to take the exam. You can see now the list of accepted talks.

Speaker | Talk
Brandon Mercer | Why OpenBSD matters in the Healthcare Industry
Vadim Zhukov | Raceless network configuration
Tommi Pernila & Arto | Attacking FreeBSD network protocols — Why, How and the Results
Ted Unangst | Cryptography in OpenBSD: Another Overview
George Neville-Neil, Jim Thompson | Measure Twice, Code Once
Kirk McKusick | A Brief History of the BSD Fast Filesystem
John-Mark Gurney | FreeBSD TLS and crypto performance
Jasper Lievisse Adriaanse | Portroach, OpenBSD distfile scanner
Marc Espie | Faster and more secure packages in OpenBSD
Scott Long | Multiqueue I/O in FreeBSD using LSI and NVME
Sevan Janiyan | Synchronisation of userland source among BSDs
Jordan Hubbard | Making FreeBSD more dynamic: A year of hacking on asynchronous, centralized interfaces
Masao Uebayashi | config - Rethinking kernel build
Francois Tigeot | State of the graphics stack in DragonFly
Baptiste Daroussin | Poudrière: efficient package building
Arun Thomas | RISC-V: Berkeley Hardware for Your Berkeley Software (Distribution)
Anders Magnusson | A vacuum-tube computer (that runs BSD)
Taylor R. Campbell | Tricky issues in file systems
Taylor R. Campbell | Protobufs for kernel/user interface

https://2015.eurobsdcon.org/
1. What does FIFO stand for?
2. What IBM network protocol supports identical MAC addresses?
3. What does IETF stand for?
4. Where does Theo de Raadt live?
5. What Stanford professor eschewed silicon transistors?
6. What computer was developed by Tommy Flowers?
7. When was PC DOS version 1.0 shipped?
8. What 16 bit microcomputer did BSD originally run on?
9. What does OWASP stand for?
10. What does an IP flag of 0x40 stand for?
11. Under the USB 3.1 specification is link power management synchronous?
12. Is a netmask of 255.255.255.255 valid?
13. Is 10.2 the latest production release of FreeBSD?
14. When was ZFS incorporated in FreeBSD?
15. Has FreeBSD 10.0-RELEASE reached end of life yet?
16. What is octal 167 in binary?
17. What does BOFH stand for?
18. Are all Android devices vulnerable to an MMS attack that does not require user intervention?
19. What is Bill Gates' middle name?
20. Did IBM clear $100,000 million revenue in 2014?
21. What file-system designer was convicted of 2nd degree murder?
22. What is the maximum recommended length of CAT6 cable in a 10GBASE-T electrically noisy environment?
23. If a file starts with 0xFFE or 0xFFF what file type is it likely to be?
24. Is the word volatile a reserved C keyword?
25. What mainframe helped regularise the standard of 8 bits to a byte?
FREEBSD CORNER

Using the FreeBSD’s Procstat API in a Web Context

DAVID CARLIER

“The procstat utility displays detailed information about the processes identified by the pid arguments, or if the -a flag is used, all processes. It can also display information extracted from a process core file, if the core file is specified as the argument.”

Source: http://www.freebsd.org/cgi/man.cgi?procstat

What you will learn...

• FreeBSD’s procstat API
• C++ web development frameworks

What you should know...

• Programming basics
• PHP Language

Among the numerous specific features of FreeBSD, there is a famous command line to dump the statistics of the various current processes, procstat. Its internal API is fortunately exposed via the well named libprocstat library. Let’s imagine we want to display it via a web page so for this article, we're going to use CppCms, one of the good quality C++ web development frameworks with the current FreeBSD 10.2 release version.

Procstat API

The list of the available functions can be viewed on this page: https://www.freebsd.org/cgi/man.cgi?query=libprocstat&sektion=3&apropos=0&manpath=FreeBSD%2010.0-RELEASE

We just need to include the necessary headers and link our application to the shared library libprocstat. For our basic procstat service, we will expose the PIDs, the paths of the processes and their owners.


CppCms
We could have used a usual full PHP solution, calling the procstat utility via a system call, possibly parsing the output and displaying it. However, doing web development in low-level languages is also possible, especially in embedded environments where resource usage counts. CppCms has a package, so pkg install cppcms (or via the ports) is sufficient. This framework has a lot of useful features: session handling, caching, native encoding handling. For our basic usage, we'll use its advanced template system with the addition of jQuery to make it more appealing.


Content

Let's start with the template’s content. For this purpose we need a C++ prototype and a CppCms template file.

proclist.h :

#include <cppcms/view.h>
#include <sys/types.h>
#include <string>
#include <vector>
// Just a plain struct to hold a specific process data
struct Procinfo {
    pid_t pid;
    std::string pathName;
    std::string args;
    std::string userName;
    std::string userFullName;
    std::string userHome;
};
// This class will be used by the template’s file
// The main CppCms app will fill in the list of processes before the template’s rendering
namespace content {
    struct ProcinfoContent : public cppcms::base_content {
        std::vector<Procinfo> pinfos;
    };
}


ProcinfoContentSkin.tmpl

// For who has experienced various templates solution for Java, PHP and so on, some parts seem pretty familiar
<% c++ #include "proclist.h" %> => We include simply our C++ prototype here
<% skin ProcinfoContentSkin %> => Useful when the template are shared libraries
<% view ProcinfoContent uses content::ProcinfoContent %>
<% template render() %>
<html>
    <head>
        <link rel="stylesheet" href="//jqueryui.com/jquery-wp-content/themes/jquery/css/base.css?v=1">
        <link rel="stylesheet" href="//jqueryui.com/jquery-wp-content/themes/jqueryui.com/style.css">
        <script src="//code.jquery.com/jquery-1.10.2.js"></script>
        <script src="//code.jquery.com/ui/1.11.4/jquery-ui.js"></script>
        <script type="text/javascript">
            $(function() {
                $("tbody").sortable();
                $("tbody").disableSelection();
            });
        </script>
    </head>
    <body class="jquery-ui page-template-default">
        <h1>Processes statistics</h1>
        <div class="container">
            <div id="content-wrapper">
                <div id="content">
                    <table class="ui-sortable">
                        <tr>
                            <th>PID</th>
                            <th>PATH</th>
                            <th>ARGUMENTS</th>
                            <th>OWNER</th>
                        </tr>
                        <tbody>
                        <% foreach info in pinfos %> => Iterate through the pinfos member of the content’s class
                            <% item %>
                            <tr> => ... then "echoing" each field of a Procinfo struct
                                <td class="ui-state-default ui-sortable-handle"><%= info.pid %></td>
                                <td class="ui-state-default ui-sortable-handle"><%= info.pathName %></td>
                                <td class="ui-state-default ui-sortable-handle"><%= info.args %></td>
                                <td class="ui-state-default ui-sortable-handle"><%= info.userName %> <%= info.userFullName %> <%= info.userHome %></td>
                            </tr>
                            <% end %>
                        <% end %>
                        </tbody>
                    </table>
                </div>
            </div>
        </div>
    </body>
</html>
<% end template %>
<% end view %>
<% end skin %>
Application

cppcms_procstat.cc :

// And finally the most important, the CppCms’s application ...
#include <cppcms/application.h>
#include <cppcms/applications_pool.h>
#include <cppcms/service.h>
#include <cppcms/http_response.h>
#include <iostream>
#include <sstream>
#include <stdlib.h>
#include <string.h>
#include <kvm.h>
#include <sys/param.h>
#include <sys/queue.h>
#include <sys/sysctl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/user.h>
#include <pwd.h>
#include <libprocstat.h>
#include "proclist.h"

class Procstat : public cppcms::application {
private:
    procstat *ps;
    content::ProcinfoContent pc;
public:
    Procstat(cppcms::service &srv) :
        cppcms::application(srv) {
        // We're opening the processes info via the internal sysctl system
        // There are other ways, via a kernel’s core dump file or via kvm ...
        ps = procstat_open_sysctl();
    }
    ~Procstat() {
        if (ps != NULL)
            procstat_close(ps);
    }
    virtual void main(std::string url);
};

int
kp_compare(const void *a, const void *b) {
    const kinfo_proc *ka = reinterpret_cast<const kinfo_proc *>(a);
    const kinfo_proc *kb = reinterpret_cast<const kinfo_proc *>(b);
    if (ka->ki_pid < kb->ki_pid)
        return -1;
    else
        return 1;
}

void
Procstat::main(std::string) {
    unsigned int ct, i;
    // procstat_open_sysctl() may have failed in the constructor
    if (ps == NULL)
        return;
    // we just get the processes information w/o their thread IDS though ...
    // We could get also only a specific group of processes per TTY or user etc ...
    kinfo_proc *kp = procstat_getprocs(ps, KERN_PROC_PROC, 0, &ct);
    if (kp == NULL)
        return;
    pc.pinfos = std::vector<Procinfo>();
    qsort(kp, ct, sizeof(*kp), kp_compare); // As the processes list is not ordered, we do per PID
    for (i = 0; i < ct; i ++) {
        char path[PATH_MAX];
        path[0] = '\0'; // stays empty if the path lookup fails
        procstat_getpathname(ps, &kp[i], path, sizeof(path));
        if (strlen(path) > 0) {
            Procinfo pi;
            pi.pid = kp[i].ki_pid;
            pi.pathName = std::string(path);
            std::stringstream ss;
            // Here we get the possible arguments the process were called with ...
            // args NULL terminated list pointer will be freed by procstat_close later
            char **args = procstat_getargv(ps, &kp[i], 0);
            char **pargs = args;
            // pargs[0] == path here, so it is bypassed (hence we could have just used procstat_getargv ...)
            // args is NULL when the arguments could not be read
            if (args != NULL && *args != NULL) {
                while (*++pargs)
                    ss << " " << *pargs;
            }
            pi.args = std::string(ss.str());
            passwd pw, *res;
            memset(&pw, 0, sizeof(pw));
            char buf[1024];
            // Just to get more “human readable” process’ user info
            // res is NULL when the uid has no passwd entry
            if (getpwuid_r(kp[i].ki_ruid, &pw, buf, sizeof(buf), &res) == 0 && res != NULL) {
                pi.userName = std::string(pw.pw_name);
                pi.userFullName = std::string(pw.pw_gecos);
                pi.userHome = std::string(pw.pw_dir);
            }
            pc.pinfos.push_back(pi);
        }
    }
    procstat_freeprocs(ps, kp); // Important to free the processes information
    render("ProcinfoContent", pc); // Finally rendering the related template
}

int
main(int argc, char **argv) {
    try {
        cppcms::service srv(argc, argv);
        srv.applications_pool().mount(
            cppcms::applications_factory<Procstat>()
        );
        // Now our server is listening to client’s requests ...
        srv.run();
    } catch (std::exception const &ex) {
        std::cerr << ex.what() << std::endl;
    }
    return 0;
}


Configuration
CppCms uses the popular JSON format for its configuration file. For our example it looks as follows ...

config.json :
{
    "service" : {
        "api" : "http",
        "ip" : "<ip address to listen>",
        "port" : 8180
    },
    "http" : {
        "script_names" : [ "/procstat" ]
    }
}

The configuration possibilities are pretty rich. Here we're using the internal web server, but in production it might be preferable to configure FastCGI mode and let a genuine web server, like Nginx, handle the clients' connections ...

{
    "service" : {
        "api" : "fastcgi",
        "socket" : "<path of the unix socket>"
    },
    "http" : {
        "script_names" : [ "/procstat" ]
    }
}

If we planned to compile the template as a shared library, we would also need to declare it in our config. For more precise information, please read this page: http://cppcms.com/wikipp/en/page/cppcms_1x_config.


Compilation
First, we need to "compile" the template file into C++ code via a CppCms utility.

cppcms_tmpl_cc ProcinfoContentSkin.tmpl -o ProcinfoContentSkin.cc

Then we compile our CppCms application with this template. Indeed, for the sake of simplicity and as we have only one template, we compile it statically.

c++ -g -O2 -I/usr/local/include -L/usr/local/lib -o cppcms_procstat cppcms_procstat.cc ProcinfoContentSkin.cc -lcppcms -lbooster -lprocstat

I would advise using at least a Makefile. The booster library is necessary for the template system; otherwise, it is also possible to render HTML content directly at the application level via a usual C++ stream, like here:

void
Procstat::main(std::string) {
    response().out() <<
        "<html>\n<body>\n"
        "<h1>Processes statistics</h1>\n";
    // ...
}
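When HTML is written straight to the response stream like this, nothing escapes the values, and the path, the argument list and the owner's full name are strings chosen by whichever local user started the process or owns the account. The following is an added example, not code from the article, that escapes each field before it reaches the page; html_escape, render_row, render_table and the sample data are assumptions, and Procinfo only mirrors the fields used in the listing above.

```cpp
// Added example: HTML-escape process data before streaming it into a page.
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Mirrors the fields the article's listing fills in (assumed layout).
struct Procinfo {
    int pid;
    std::string pathName;
    std::string args;
    std::string userName;
    std::string userFullName;
    std::string userHome;
};

// Escape the characters that are significant in HTML text and in
// double-quoted attribute values. Control bytes (argv may contain any
// byte except NUL) are shown as '?'; tab is kept.
std::string html_escape(const std::string &in) {
    std::string out;
    out.reserve(in.size());
    for (unsigned char c : in) {
        switch (c) {
        case '&':  out += "&amp;";  break;
        case '<':  out += "&lt;";   break;
        case '>':  out += "&gt;";   break;
        case '"':  out += "&quot;"; break;
        case '\'': out += "&#39;";  break;
        default:
            if ((c < 0x20 && c != '\t') || c == 0x7f)
                out += '?';
            else
                out += static_cast<char>(c);
        }
    }
    return out;
}

// One table row per process; every string field goes through html_escape,
// including the one placed inside an attribute.
void render_row(std::ostream &out, const Procinfo &pi) {
    out << "<tr><td>" << pi.pid << "</td>"
        << "<td>" << html_escape(pi.pathName) << "</td>"
        << "<td>" << html_escape(pi.args) << "</td>"
        << "<td title=\"" << html_escape(pi.userFullName) << "\">"
        << html_escape(pi.userName) << "</td></tr>\n";
}

std::string render_table(const std::vector<Procinfo> &procs) {
    std::ostringstream out;
    out << "<table>\n"
        << "<tr><th>PID</th><th>PATH</th><th>ARGUMENTS</th>"
        << "<th>OWNER</th></tr>\n";
    for (const Procinfo &pi : procs)
        render_row(out, pi);
    out << "</table>\n";
    return out.str();
}

// Constructed sample data, not real process output.
std::vector<Procinfo> sample_procs() {
    std::vector<Procinfo> v;
    v.push_back(Procinfo{1, "/sbin/init", "", "root", "Charlie &", "/root"});
    v.push_back(Procinfo{4242, "/usr/local/bin/demo",
                         " --title=<b>x</b> & more", "eve",
                         "Eve \"ops\" O'Neil", "/home/eve"});
    return v;
}

int main() {
    std::cout << render_table(sample_procs());
    return 0;
}
```

In the application, the string returned by render_table would be what is written to response().out().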


Test
Once compiled, we can finally launch our CppCms application.

./cppcms_procstat -c config.json

[Screenshot of the "Processes statistics" page: a table of processes with PATH, ARGUMENTS and OWNER columns]


Figure 1. Our sortable list of processes 


Conclusions 

This is it: we can now read the processes list and rearrange
its order in a fancy manner. There is a lot of room for
improvement; hopefully this gives you, readers, some ideas.
I hope, at least, that it also gives you the curiosity to dig
more into the procstat API.


David Carlier has been working as a software developer since 2001. 
He used FreeBSD for more than 10 years and starting from this year, 
he became involved with the HardenedBSD project and performed 
serious developments on FreeBSD. He worked for a mobile product 
company that provides C++ APIs for two years in Ireland. From this, 
he became completely inspired to develop on FreeBSD. 


EXPERT SAYS... 


FreeNAS vs TrueNAS 


“What's the difference between TrueNAS and FreeNAS? 
Is TrueNAS just FreeNAS installed on a server?” If you look 
at the software feature list, there aren't a ton of differences. 


So really....what’s the difference? 


TrueNAS is a purpose-built storage appliance 

while FreeNAS is freely-downloadable software 
that requires the user to understand storage well enough 
to select the correct hardware that is appropriate for their 
application. 


The first difference is the software delivery method:


1. TrueNAS is commercially-supported, while FreeNAS
is community-supported.

2. There are performance and usability optimizations 
in TrueNAS that are specific to the hardware we use 
and therefore aren't included with FreeNAS. 

3. High-Availability (failover) is hardware-dependent and 
only available in TrueNAS. 


But, perhaps more critical to understand than the “what” 
is the “why”: 


We make FreeNAS for when storage 

is non-critical 

There are certainly many storage applications that don't 
require professional support. Applications like home stor- 
age, simple office file servers, tertiary backups, home 
streaming media servers, scratch space, storage experi- 
mentation, or any other application where data is fungible; 
FreeNAS can be the perfect solution for all of them. 


We make TrueNAS for when storage is critical 

Storage downtime can equal an instant loss of revenue, 
making reliable storage a painstaking process — a process 
that requires careful consideration, deep hardware and 
storage knowledge, and countless hours of testing — cer- 
tainly eons more difficult than the Software Defined Stor- 
age crowd would want you to believe. It took us nearly two 
years to select, design, test, and qualify the myriad hardware
components that go into TrueNAS, which is a purpose-built
appliance — meaning software coupled with
custom hardware — designed for its one specific applica- 
tion: critical storage. Compared to a user-built system that 
your software vendor knows nothing about, the appliance 
platform is inherently easier to support when things don’t 
go your way, because your software vendor is your hard- 
ware vendor as well. And, when storage is this important 
to your business, it’s imperative to have a Support Team 
at arm's length who can resolve any issue that may arise 
without having to first wrap their heads around the hard- 
ware platform you've built. 


We make FreeNAS for Open Source flexibility 
For those that have the expertise and the spare time to build 
and support their own solutions, or for those that want to 
tinker and learn about storage, FreeNAS is freely-available 
and unencumbered by license restrictions. The FreeNAS 
Project has a mature community and a team of developers 
dedicated to providing the best (open-source) software de- 
fined network file storage solution in the world. All we ask 
in return is that you enjoy the software and contribute when 
and where you can, which can be as simple as providing 
feedback, filing bugs, and making feature requests, or as 
involved as helping us write code. 


We make TrueNAS for enterprise stability 

Where FreeNAS is the bleeding edge, TrueNAS is the sta- 
ble handle. FreeNAS is where technologies are tested and 
refined; therefore the software undergoes an often rapid 
and frequent release cycle. TrueNAS, by contrast, contains 
only the most stable and vetted code, keeping software up- 
dates to a minimum and the release cycle methodical. 


We make FreeNAS for people who want to “DIY” 
Some folks like to do it themselves. Some folks only get 
satisfaction when building things on their own. Some folks 
don't mind downtime when there’s an issue and enjoy
perusing the FreeNAS forums for help. Some folks have 
limited budgets yet still want powerful storage software. 
And, some folks are storage experts themselves. You're 
welcome, guys :) 


We make TrueNAS because businesses don’t 
want to “DIY” 

Instead of buying a fleet of delivery trucks, I suppose
we could purchase all the components separately, build
the trucks ourselves, and fix them when things break.
But, we're not a car dealership, we're a storage company. 
We'd probably save money up front on the cost of the 
bare parts but would certainly come out way behind with 
the time spent figuring out how to put them all together 
and build a functioning car, let alone the costs to maintain 
it! Most businesses don't have the time, available hardware,
or internal support expertise for a do-it-yourself
storage solution — they’re busy focused on their own missions
and business models. But, with a 100% software
solution, you must build the server yourself. If there is 
a problem with the server hardware, you can't look to the 
software vendor for support, and vice-versa if you have 
hardware problems. With TrueNAS, you get one throat 
to choke....ours :) 


We make FreeNAS because many are turning 

to virtualization 

FreeNAS is known to work well with all major virtualization 
platforms, but due to the nature of the decoupled hard- 
ware, we aren't able to officially certify the software with 
the virtualization vendors. Therefore, if something goes 
haywire, the user cannot turn to the virtualization ven- 
dor for assistance and instead must rely on the FreeNAS 
community. 


We make TrueNAS because many are turning to 
virtualization...and need Support 

With a software-only solution you must verify that every 
component is on the virtualization vendors’ compatibility 
list and when your configuration changes (such as up- 
grading to a new network card) you need to validate the 
configuration again. Most businesses can’t afford the risk, 
so TrueNAS is officially certified to support Citrix XenServ- 
er, VMware ESXi, and Microsoft Hyper-V. 


FreeNAS and TrueNAS both have their rightful 
places 

FreeNAS is the world’s most popular software defined 
storage OS, with more downloads and installs than any 
other storage software on the planet. The sheer magni- 
tude of interest speaks volumes about its myriad applica- 
tions. And, as its enterprise counterpart, TrueNAS has the 
performance, high-availability, functionality, and profes- 
sional software support that mission-critical storage ap- 
plications require. 


Brett Davis 
iXsystems Executive Vice President 
EXPERT SAYS...


UNIX Basics 


UNIX United is an architecture for a distributed system based
on UNIX. Any program written for a normal UNIX system can
be transparently extended to exploit the richer environment
of UNIX United. The implementation of UNIX United, called the
Newcastle Connection, relies on having a UNIX system beneath
it. This paper explains the basic semantics of UNIX United,
followed by the architecture implied by the protocol between
components in a UNIX United system, network basics, and
a software structure appropriate to the architecture and
the protocol.


described in [1], which contained a quite extensive 

survey of work on UNIX-based distributed systems 
and comparisons of the different approaches that have been 
adopted. No attempt is made to repeat such a survey in
the present paper. Since that time, the two notions of UNIX 
United as an architecture and the Newcastle Connection as 
an implementation have become more distinct in our own 
minds, and both have evolved considerably in response to 
our continuing design and implementation efforts. 

The purpose of this paper is twofold: to describe the 
semantics and architecture of UNIX United in some 
detail and to discuss the current state of our design and 
implementation. A UNIX United system is composed of 
a number of component UNIX systems connected by one 
or more communications media. In architectural terms, 
UNIX United is a loosely coupled collection of components 
for a number of reasons: it should be feasible to use both 
fast and slow communications media, administrators 
of a component should retain their autonomy in the 
distributed system, and any given UNIX United system 
should be capable of encompassing an arbitrary number 
of components. While UNIX United is intentionally loosely 
coupled in the senses described above, it paradoxically
presents an extremely integrated view to its users; that of 
a single, albeit very large, UNIX system in which all of the 
normal UNIX system calls and programs exhibit exactly 
the same behavior when executed in the UNIX United 
environment as when executed in the environment of a 
single, isolated component. The result is that UNIX United is 
recursively structured [2]: the functionality of the distributed 
system as a whole is identical to that of its components. 
This not only has some interesting consequences in terms 
of the design of distributed computing systems, but it also 
implies that all existing software investments in UNIX can 
be retained in UNIX United, without necessarily requiring 
any modification to their source code or that of the UNIX 
kernels on the component machines. (As distributed 
commercially, the Newcastle Connection consists 
essentially of a replacement for the C language system call 
library, and thus programs only need to be relinked to be 
used in the UNIX United environment. However, we and 
others have also created UNIX United systems by installing 
the Newcastle Connection software below the physical 
machine kernel boundary, just “on top of” the essentially
unmodified kernel. In this case, no change whatever is
required to existing programs.) Clearly, this also implies
that the user’s perception of UNIX United is identical to his
perception of UNIX itself; the advantages of this cannot be
overstated. In Section II, we discuss the motivation and
basic semantics of UNIX United in more detail. Section
III discusses the architecture of UNIX United, or precisely
how the semantics of UNIX are extended in UNIX United. 
Section IV describes the software structures associated with 
the architecture, both in terms of our implementation (the 
Newcastle Connection), and in terms of the remote system 
call protocol which is used between various processes on 
UNIX machines in a UNIX United system. 


History Of Unix 

The Unix operating system found its beginnings in MUL- 
TICS, which stands for Multiplexed Operating and Comput- 
ing System. The MULTICS project began in the mid-1960s 
as a joint effort by General Electric, Massachusetts Institute
of Technology and Bell Laboratories. In 1969, Bell Laboratories
pulled out of the project. One of the Bell Laboratories
people involved in the project was Ken Thompson. He liked
the potential MULTICS had, but felt it was too complex and 
that the same thing could be done in simpler way. In 1969, 
he wrote the first version of Unix, called UNICS. UNICS 
stood for Uniplexed Operating and Computing System. Al- 
though the operating system has changed, the name stuck 
and was eventually shortened to Unix. 

Ken Thompson teamed up with Dennis Ritchie, who 
wrote the first C compiler. In 1973, they rewrote the Unix 
kernel in C. The following year, a version of Unix known 
as the Fifth Edition was first licensed to universities. The 
Seventh Edition, released in 1978, served as a dividing 
point for two divergent lines of Unix development. These 
two branches are known as SVR4 (System V) and BSD. 

Ken Thompson spent a year’s sabbatical with the Uni- 
versity of California at Berkeley. While there he and two 
graduate students, Bill Joy and Chuck Haley, wrote the 
first Berkeley version of Unix, which was distributed to 
students. This resulted in the source code being worked 
on and developed by many different people. The Berke- 
ley version of UNIX is known as BSD, Berkeley Software 
Distribution. From BSD came the vi editor, C shell, virtual 
memory, Sendmail, and support for TCP/IP. 

For several years SVR4 was more conservative, com- 
mercial, and well supported. Today, SVR4 and BSD look 
very much alike. Probably the biggest cosmetic difference 
between them is the way the ps command functions. 


What Is Unix? 
UNIX is a powerful computer operating system originally 
developed at AT&T Bell Laboratories. It is very popular
among the scientific, engineering, and academic communities
due to its multi-user and multi-tasking environment,
flexibility and portability, electronic mail and networking
capabilities, and the numerous programming,
text processing and scientific utilities available. It has also 
gained widespread acceptance in government and busi- 
ness. Over the years, two major forms (with several ven- 
dor’s variants of each) of UNIX have evolved: AT&T UNIX 
System V and the University of California at Berkeley’s 
Berkeley Software Distribution (BSD). This document will 
be based on the SunOS 4.1.3 U1, Sun’s combination of 
BSD UNIX (BSD versions 4.2 and 4.3) and System V be- 
cause it is the primary version of UNIX available at Rice. 
Also available are Solaris, a System V based version, and 
IRIX, used by Silicon Graphics machines. 


Figure 1. Structure (diagram; surviving label: "Application Programs")


Unix Basics - Structure 
The main concepts that unite all versions of UNIX are the 
following four basics: 


• Kernel: The kernel is the heart of the operating system.
It interacts with the hardware and handles most tasks, such
as memory management, task scheduling and file management.

• Shell: The shell is the utility that processes your requests.
When you type in a command at your terminal, the shell
interprets the command and calls the program that you want.
The shell uses standard syntax for all commands. C Shell,
Bourne Shell and Korn Shell are the most famous shells and
are available with most of the UNIX variants.

• Commands and Utilities: There are various commands
and utilities which you would use in your day-to-day
activities. cp, mv, cat and grep, etc. are a few examples
of commands and utilities. There are over 250
standard commands plus numerous others provided
through 3rd party software. All the commands come
along with various options.

• Files and Directories: All data in UNIX is organized
into files. All files are organized into directories.
These directories are organized into a tree-like structure
called the file system.


Directory Structure 
The UNIX system is set up as a tree hierarchy. At the 
top of the tree is the root. The root is represented by 
the slash character. Off of the root are branches of the 
tree. The branches are directories. 

Files or directories can be off the tree. 


/ (root)
usr   var   home   bin
users   students
stu01   stu02


Figure 2. Tree hierarchy 


Design: An Extensible Kernel 

Early in its development, UNIX supported the notion 
of objects represented as file descriptors with a small set 
of basic operations on those objects (e.g., read, write and 
seek) [3]. With pipes serving as a program composition 
tool, UNIX offered the advantages of simple implemen- 
tation and extensibility to a variety of problems. Under 
the weight of changing needs and technology, UNIX has 
been modified to provide a staggering number of different 
mechanisms for managing objects and resources. In ad- 
dition to pipes, UNIX versions now support facilities such 
as System V streams, 4.2 BSD sockets, pty’s, various 
forms of semaphores, shared memory and a mind-boggling
array of ioctl operations on special files and devices.
The result has been scores of additional system calls
and options [...] 
Figure 3. Network scheme


[...] with less than uniform access to different resources 
within a single UNIX system and within a network of UNIX 
machines. As the complexity of distributed environments 
and multiprocessor architectures increases, it becomes in- 
creasingly important to return to the original UNIX model of 
consistent interfaces to system facilities. Moreover, there 
is a clear need to allow the underlying system to be transparently
extended to allow user-state processes to provide
services which, in the past, could only be fully integrated 
into UNIX by adding code to the operating system kernel. 
Mach takes an essentially object-oriented approach to ex- 
tensibility. It provides a small set of primitive functions de- 
signed to allow more complex services and resources to be 
represented as references to objects. The indirection thus 
provided allows objects to be arbitrarily placed in the net- 
work (either within a multiprocessor or a workstation) with- 
out regard to programming details. The Mach kernel ab- 
stractions, in effect, provide a base upon which complete 
system environments may be built. By providing these ba- 
sic functions in the kernel, it is possible to run varying sys- 
tem configurations on different classes of machines while 
providing a consistent interface to all resources. The actual 
system running on any particular machine is a function of 
its servers rather than its kernel. 

The Mach kernel supports four basic abstractions: 


• A task is an execution environment in which threads
may run. It is the basic unit of resource allocation.
A task includes a paged virtual address space and
protected access to system resources (such as processors,
port capabilities and virtual memory). The
UNIX notion of a process is, in Mach, represented by
a task with a single thread of control.

• A thread is the basic unit of CPU utilization. It is
roughly equivalent to an independent program counter
operating within a task. All threads within a task
share access to all task resources.

• A port is a communication channel — logically
a queue for messages protected by the kernel. Ports
are the reference objects of the Mach design. They
are used in much the same way that object references
could be used in an object oriented system. Send
and Receive are the fundamental primitive operations
on ports.

• A message is a typed collection of data objects used
in communication between threads. Messages may
be of any size and may contain pointers and typed
capabilities for ports.


Operations on objects other than messages are per- 
formed by sending messages to ports which are used 
to represent them. The act of creating a task or thread, 
for example, returns access rights to the port which rep- 
resents the new object and which can be used to ma- 
nipulate it. The Mach kernel acts in that case as a serv- 
er which implements task and thread objects. It receives 
incoming messages on task and threads ports and per- 
forms the requested operation on the appropriate object. 
This allows a thread to suspend another thread by send- 
ing a suspend message to that thread’s thread port even 
if the requesting thread is on another node in a network. 

The design of Mach draws heavily on CMU’s previous 
experience with the Accent [4] network operating system, 
extending that system’s facilities into the multiprocessor 
domain: 


• The underlying port mechanism for communication
provides support for object-style access to resources
and capability based protection as well as network
transparency,

• All systems abstractions allow extensibility both to
multiprocessors and to networks of uniprocessor or
multiprocessor nodes,

• Support for parallelism (in the form of tasks with
shared memory and threads) allows for a wide range
of tightly coupled and loosely coupled multiprocessors,
and

• Access to virtual memory is simple, integrated with
message passing, and introduces no arbitrary restrictions
on allocation, deallocation and virtual copy operations
and yet allows both copy-on-write and read-write
sharing.


The Mach abstractions were chosen not only for their 
simplicity but also for performance reasons. A perfor- 
mance evaluation study done on Accent demonstrated 
the substantial performance benefits gained by integrating
virtual memory management and interprocess communication.
Using similar virtual memory and IPC primitives,
Accent was able to achieve performance comparable
to UNIX systems on equivalent hardware [5].


Accessing A Unix System 

There are many ways that you can access a UNIX sys- 
tem. If you want the fullest possible access to the com- 
puter’s commands and utilities, you must initiate a login 
session. The main mode of initiating a login session to 
a UNIX machine is through a terminal, which usually in- 
cludes a keyboard, and a video monitor. When a terminal 
establishes a connection to the UNIX system, the UNIX 
kernel runs a process called a tty to accept input from the 
terminal, and send output to the terminal. When the tty 
process is created, it must be told the capabilities of the 
terminal, so it can correctly read from, and write to, the 
terminal. If the tty process receives incorrect information 
about the terminal type, unexpected results can occur. 


The Unix Processes 

A process is the flow of execution of a set of program instructions
and owns, as a system entity, the necessary resources.
Some operating systems, such as z/OS, call the basic unit of 
execution a job or task. In UNIX, it is called a process. In the 
UNIX kernel, anything that is done, other than autonomous 
operations, is done by a process that issues system calls. 
Processes often spawn other child processes, using, for instance,
the fork() system call, which usually run in parallel
with their parent process. These are usually subtasks which, 
when they are finished, terminate themselves. All UNIX 
processes have an owner. Typically, the human owner of 
a process is the owner of the account whose login process 
spawned the initial process parent of the process chain cur- 
rently executing. The child process inherits the file access 
and execution privileges belonging to the parent. 


Signals 

Signals are designed for processes to communicate with 
each other and with the kernel. The signalling capabili- 
ty is provided by the operating system and is used, for 
instance, to inform processes of unexpected external 
events, such as a timeout or forced termination of a process.
A signal consists of a prescribed message with a default
action embedded in it. There are different types of
signals in UNIX, and each type is identified with a number. 
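An added example (not from the article) covering the two sections above: a parent forks a child, the child reports the owner it inherited, and the parent stops it with SIGTERM, which the child catches with a handler instead of taking the default action. The function run_child_and_signal, the ChildReport structure and the exit code 42 are assumptions made for the example.

```cpp
// Added example: fork(), inherited ownership and a caught signal.
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <iostream>

struct ChildReport {
    bool ok;             // pipe, fork and wait all succeeded
    uid_t parentUid;     // owner of the parent process
    uid_t childUid;      // owner the child saw, sent back over a pipe
    bool exitedNormally; // true when the child called _exit() itself
    int exitCode;        // 42 when the child's SIGTERM handler ran
};

static volatile sig_atomic_t got_term = 0;
static void on_term(int) { got_term = 1; }

ChildReport run_child_and_signal() {
    ChildReport r = {false, getuid(), static_cast<uid_t>(-1), false, -1};
    int fds[2];
    if (pipe(fds) != 0)
        return r;

    // Block SIGTERM before fork(): the child inherits the signal mask,
    // so the signal cannot be delivered before its handler is installed.
    sigset_t block, old;
    sigemptyset(&block);
    sigaddset(&block, SIGTERM);
    sigprocmask(SIG_BLOCK, &block, &old);

    pid_t pid = fork();
    if (pid < 0) {
        sigprocmask(SIG_SETMASK, &old, nullptr);
        close(fds[0]);
        close(fds[1]);
        return r;
    }
    if (pid == 0) {
        // Child: replace SIGTERM's default action (terminate) with a handler.
        close(fds[0]);
        struct sigaction sa = {};
        sa.sa_handler = on_term;
        sigemptyset(&sa.sa_mask);
        sigaction(SIGTERM, &sa, nullptr);

        uid_t me = getuid(); // inherited from the parent
        ssize_t w = write(fds[1], &me, sizeof(me));
        close(fds[1]);
        if (w != static_cast<ssize_t>(sizeof(me)))
            _exit(1);

        // Atomically unblock SIGTERM and sleep until a signal arrives.
        sigset_t waitmask = old;
        sigdelset(&waitmask, SIGTERM);
        while (!got_term)
            sigsuspend(&waitmask);
        _exit(42);
    }

    // Parent: restore its own mask, read the child's report, signal it.
    sigprocmask(SIG_SETMASK, &old, nullptr);
    close(fds[1]);
    ssize_t n = read(fds[0], &r.childUid, sizeof(r.childUid));
    close(fds[0]);
    kill(pid, SIGTERM);

    int status = 0;
    pid_t w;
    do {
        w = waitpid(pid, &status, 0);
    } while (w < 0 && errno == EINTR);
    if (w == pid) {
        r.exitedNormally = WIFEXITED(status);
        if (r.exitedNormally)
            r.exitCode = WEXITSTATUS(status);
    }
    r.ok = (n == static_cast<ssize_t>(sizeof(r.childUid))) && (w == pid);
    return r;
}

int main() {
    ChildReport r = run_child_and_signal();
    std::cout << "parent uid " << r.parentUid
              << ", child uid " << r.childUid
              << ", child exit code " << r.exitCode << std::endl;
    return r.ok ? 0 : 1;
}
```

Without the handler the child would be terminated by the signal, and the parent would see WIFSIGNALED rather than a normal exit.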


Console 

Every UNIX system has a main console that is connect- 
ed directly to the machine. The console is a special type 
of terminal that is recognized when the system is start- 
ed. Some Unix system operations must be performed at 
the console. Typically, the console is only accessible by
the system operators and administrators. 


Dumb Terminals 

Some terminals are referred to as “dumb” terminals be- 
cause they have only the minimum amount of power re- 
quired to send characters as input to the UNIX system, 
and receive characters as output from the UNIX system. 
Personal computers are often used to emulate dumb ter- 
minals, so that they can be connected to a UNIX system. 
Dumb terminals can be connected directly to a UNIX ma- 
chine, or may be connected remotely, through a modem, 
a terminal server, or other network connection. 


Smart Terminals 

Smart terminals, like the X terminal, can interact with 
the UNIX system at a higher level. Smart terminals have 
enough on-board memory and processing power to sup- 
port graphical interfaces. The interaction between a smart 
terminal and a UNIX system can go beyond simple charac- 
ters to include icons, windows, menus, and mouse actions. 


Network-Based Access Modes 

UNIX computers were designed early in their history to be 
network-aware. The fact that UNIX computers were prev- 
alent in academic and research environments led to their 
broad use in the implementation of the Department of 
Defense’s Advanced Research Projects Administration 
(DARPA) computer network. The DARPA network laid the 
foundations for the Internet. 


FTP 

The FTP (File Transfer Protocol) provides a simple means 
of transferring files to and from a UNIX computer. FTP ac- 
cess to a UNIX machine may be authenticated by means 
of a username and password pair, or may be anony- 
mous. An FTP session provides the user with a limited set 
of commands with which to manipulate and transfer files. 


TELNET 

Telnet is a means by which one can initiate a UNIX shell 
login across the Internet. The normal login procedure 
takes place when the telnet session is initiated.


HTTP 

The HTTP protocol has become important in recent years 
because it is the primary way in which the documents that 
constitute the World Wide Web are served. HTTP servers 
are most often publicly accessible. In some cases, access 
to documents provided by HTTP servers will require some 
form of authentication. 
HTTPS

A variation of HTTP that is likely to become increasingly 
important in the future. The “S” stands for “secure.” When 
communications are initiated via the HTTPS protocol, the 
sender and recipient use an encryption scheme for the in- 
formation to be exchanged. When the sending computer 
transmits the message, the information is encrypted so 
that outside parties cannot examine it. Once the mes- 
sage is received by the destination machine, decryption 
restores the original information. 


SHELLS 
Processes operate in the context of a shell.
The shell is a command interpreter which:


• Interprets built-in characters, variables and com-
mands

• Passes the results on to the kernel. The kernel is the
lowest level of software running. It controls access to
all hardware in the computer.


sh: Bourne Shell

• Developed by Stephen Bourne at AT&T Bell Labs

csh: C Shell

• Developed by Bill Joy at University of California, Berkeley

ksh: Korn Shell

• Developed by David Korn at AT&T Bell Labs

• Backward-compatible with the Bourne shell and includes
many features of the C shell

bash: Bourne Again Shell

• Developed by Brian Fox for the GNU Project as a free
software replacement for the Bourne shell (sh)

• Default shell on Linux and Mac OS X

• The name is also descriptive of what it did, bashing
together the features of sh, csh and ksh

tcsh: TENEX C Shell

• Developed by Ken Greer at Carnegie Mellon University

• It is essentially the C shell with programmable command
line completion, command-line editing, and a few other
features


There are many shells! Common features that all shells 
have: 


• Command execution.

• Redirection of input and output.

• Piping.

• Wildcard expansion.

• Process control.

• Command recall and editing.

• Turing-complete (except for the memory part).


Shell scripts

The basic concept of a shell script is a list of commands, 
which are listed in the order of execution. A good shell script 
will have comments, preceded by a pound sign, #, describ- 
ing the steps. There are conditional tests, such as value 
A is greater than value B, loops allowing us to go through 
massive amounts of data, files to read and store data, and 
variables to read and store data, and the script may include 
functions. We are going to write a lot of scripts in the next 
several hundred pages, and we should always start with 
a clear goal in mind. By clear goal, we have a specific pur- 
pose for this script, and we have a set of expected results. 
We will also hit on some tips, tricks, and, of course, the 
gotchas in solving a challenge one way as opposed to an- 
other to get the same result. All techniques are not created 
equal. Shell scripts and functions are both interpreted. This 
means they are not compiled. Both shell scripts and func- 
tions are ASCII text that is read by the Korn shell command 
interpreter. When we execute a shell script, or function, 
a command interpreter goes through the ASCII text line by 
line, loop by loop, and test by test and executes each state- 
ment, as each line is reached from the top to the bottom. 

Shells contain: 


• Variables

• Loops

• Conditional statements

• Input and Output

• Built-in commands

• Ability to write functions


Specifying the shell to be used: 
On the first line of the file: 


• Implicitly
  • blank line — Bourne shell
  • # in column 1 — C shell

• Explicitly
  • #!/bin/sh — Bourne shell
  • #!/bin/csh — C shell
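
A script without an explicit `#!` line leaves the choice of interpreter to whatever shell launches it, so it is worth knowing which scripts in a directory rely on the implicit rules. The following is an added example, not code from the article: it applies the first-line rules listed above to constructed sample files, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report how each script in a directory selects its interpreter.

# classify_script FILE
# Prints explicit:<path>, implicit-csh or implicit-sh, following the
# first-line rules listed in the article.
classify_script() {
    first_line=
    # read fails on an empty file; first_line then stays empty, which is
    # treated like a blank first line
    IFS= read -r first_line < "$1" || :
    case $first_line in
        '#!'*)
            interp=${first_line#'#!'}
            interp=${interp#"${interp%%[! ]*}"}   # drop blanks after "#!"
            interp=${interp%% *}                  # drop interpreter arguments
            printf 'explicit:%s\n' "$interp"
            ;;
        '#'*) printf 'implicit-csh\n' ;;
        *)    printf 'implicit-sh\n' ;;
    esac
}

# count_implicit DIR
# Prints how many regular files in DIR have no explicit interpreter line.
count_implicit() {
    count=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case $(classify_script "$f") in
            explicit:*) ;;
            *) count=$((count + 1)) ;;
        esac
    done
    printf '%s\n' "$count"
}

# make_samples
# Creates constructed sample scripts in a temporary directory and prints
# the directory name.
make_samples() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hello\n'            > "$d/explicit.sh"
    printf '#! /bin/csh -f\necho hello\n'       > "$d/spaced.csh"
    printf '# a comment in column 1\necho hi\n' > "$d/hash.txt"
    printf '\necho hello\n'                     > "$d/blank.txt"
    printf '%s\n' "$d"
}

# Demo on the constructed samples
samples=$(make_samples)
for f in "$samples"/*; do
    printf '%-18s %s\n' "$(classify_script "$f")" "${f##*/}"
done
printf 'scripts without an explicit interpreter: %s\n' "$(count_implicit "$samples")"
rm -rf "$samples"
```
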


Directory Commands 

After logging into the system, the current directory is your
home directory. So for the account stu01 the current di-
rectory would be /home/students/stu01. To view what the
current directory is, use the pwd command:


$ pwd


To create a new directory off of the home directory, use
the command mkdir.


$ mkdir newdir


To view a listing of the contents of the current directory
use the command ls.


$ ls


For a directory listing that gives more information use the
command:


$ ls -l


To view hidden files, which don’t normally show up with
ls, use the command:


$ ls -la


To change the current directory to the new directory that
was just created use the change directory command cd.


$ cd newdir


The newdir directory is down one level in the tree from the
home directory for stu01. Check to see what directory is current:


$ pwd


In this directory, files could be stored or additional sub
directories could be created.
To move back up one directory use the command:


$ cd ..


The dot dot represents the current directory. 
To rename a directory use the move command mv. 


$ mv newdir newname


The Unix File System 

The UNIX file system hosts the collection of files accessed 
by the processes running in the system and is in charge 
of the logical representation of the data to the requesting 
entities. The file system has therefore both a logical and 
physical dimension. 


The logical file system 

The logical file system is in charge of the hierarchy of con-
nected directories and files as they are shown to the users.
The UNIX file system is logically arranged as a tree, ac-
tually inverted with the root, named “/”, at the top. All files
are logically contained within the root directory. See the
example shown in Figure 4, where the shaded boxes
represent directories, while the unshaded boxes repre-
sent files. A file or directory is located in the file system
tree using a “path name”; /etc/profile or /u/dirA/dirAl/Dominique
are path names. Note that UNIX is a case-sen-
sitive operating system; therefore a file called “ABC” is dif-
ferent from a file called “abc”.


Figure 4. Logical File System (tree with the directory /u/dirA/dirAl containing the files Finn and Dominique)


The physical file system 

The physical file system, as the name implies, is in charge 
of the physical arrangement of data and control informa- 
tion about the physical media. The physical file system 
operates with control blocks such as the superblock, in- 
odes, and data blocks. The superblock holds the control 
information for the system. Inodes contain similar informa- 
tion for individual files. The data blocks hold the data that 
makes up the information in the files. 


Conclusion 

UNIX provides both appropriate semantics for a general-pur-
pose distributed system and appropriate mechanisms and 
interfaces for this system to be constructed merely by add- 
ing a comparatively simple transparent subsystem to UNIX. 
The design philosophy we employed was, at the outset, lit- 
tle more than an active concern for structure and generality, 
and, more particularly, a liking for recursive constructs (dating 
back to work at Newcastle on recursive virtual machines [6], 
if earlier). However, as a result of our work on the Connec- 
tion, these ideas on recursive system structuring have be- 
come much more well defined, in our own minds at least, and 
have enabled us to separate carefully issues concerned with 
constructing a distributed system from those concerned with 
taking advantage of the fact that it is distributed, for example, 
in order to provide increased reliability, availability, and/or se- 
curity. This is not to say that we have simply ignored all such 
issues. Rather we have investigated, and in several cases al- 
ready implemented, various separate but complementary re-
liability and security mechanisms, each of which can simply 
be added to a UNIX United system, without requiring modifi- 
cations to the code of either UNIX or the Connection [7], [8], 
and [9]. (This work is surveyed in [10], as part of a general 
account of our ideas on recursive structuring.) 

It would be inappropriate to end these concluding remarks 
without an explicit acknowledgment of our debt to UNIX and 
its original creators—it has its deficiencies, of course, both as 
a centralized system, and as the basis of a general-purpose 
distributed system. Nevertheless, we have found its facilities, 
particularly at the system call level, and the style of system 
design that it exemplifies a veritable inspiration. Such sim- 
plicity and generality of mechanism as we have been able to 
achieve undoubtedly owes much to this source. 


UNIX — How To Start

UNIX is a multiuser operating system which is available in
many flavours, like Oracle Solaris, HP UNIX, IBM AIX, Free
BSD, and MacOS. It was developed by Ken Thompson and
Dennis Ritchie at AT&T Bell Laboratories in the late 1960s.
In 1978, AT&T's UNIX seventh edition was split off into
Berkeley Software Distribution (BSD). This version of the
UNIX environment was sent to other programmers around
the country, who added tools and code to further enhance

The most important enhancement made to the OS
by the programmers at Berkeley was adding net-
working capability. This enabled the OS to operate
in a local area network (LAN). In 1988, AT&T UNIX, BSD
UNIX, and other UNIX OSs were folded into what became
System V release 4 (SVR4) UNIX. This was a new gen-
eration OS, which became an industry standard. The new
SVR4 UNIX became the basis for not only Sun and AT&T
versions of the UNIX environment, but also IBM’s AIX and
Hewlett-Packard’s HP-UX.

UNIX was constructed with the following mechanisms:


Kernel 

Kernel is the core/heart of an OS and is responsible for all 
the processing in a computer. It manages all the physical 
resources of the computer, including filesystems, CPU, 
memory, etc. 


Shell 

Shell is a command interpreter and acts as an interface 
between the system and the user. Shell accepts the com- 
mand and passes it to the kernel, which further executes 
the command. In Oracle Solaris 11 and Oracle Enterprise
Linux, the default shell is Bourne Again Shell, which is 
also known as bash. 


File System 

A file system is a logical collection of files and directories
on a partition or a disk. It has a root directory, which fur- 
ther contains all files and directories in an operating sys- 
tem. The root directory is identified as /. Each file or direc- 
tory is identified by its name and a unique identifier known 
as Inode number. 


Process 

Every program you run or execute in UNIX/Linux cre- 
ates a process. When you log in to the system and start 
the shell, several processes will be started, depending on 
the associated programs in login shell. Whenever you ex- 
ecute a command in the shell, it will start a process, which 
can further start another process. In that case, the process 
which has started another process will be known as a par- 
ent process. You can use the following commands in UNIX/
Linux to monitor and manage the process: ps, top, prstat,
pgrep.


Figure 1. Directory structure

Solaris and HP UNIX are widely used flavours of UNIX. 
Since UNIX was developed, many features and tools 
have been added to different flavours of UNIX, like Journ- 
aling file system, ZFS, DTrace, enhanced packaging sys- 
tem like IPS, Solaris Volume Manager (which was earlier
known as Solstice Disk Suite).


Who should use UNIX/Linux? 

Companies, or system administrators, who have big serv-
ers in their environment and need stability, scalability, se-
curity and high performance for their servers should use
UNIX/Linux operating systems. The UNIX/Linux operating
system uses far fewer resources in comparison to any
other operating system. UNIX/Linux has many enhanced
security features, like SELinux, IP tables, TCP wrappers,
ACLs, DTrace and many more.


Figure 2. Oracle Solaris 11 Desktop Menu


www.bsdmag.org


How to start terminal in Oracle Solaris 11? 

To open a terminal window in Oracle Solaris 11, right click
on the Desktop and left click on the “Open Terminal” option
in the menu.


Figure 3. Terminal window


An Oracle Solaris 11 Terminal window will then appear
with a $ prompt, and you can start entering the commands.
Oracle Solaris 11 Desktop:


Figure 4. Oracle Solaris 11 Desktop


Installation Options for Oracle Solaris 11 
(Flavour of UNIX) 

You have several alternatives for where to install Oracle 
Solaris 11: 


• Inside a virtual machine on top of your existing oper-
ating system

• On the bare metal (physical machine) as a stand-
alone operating system

• On the bare metal alongside your existing operating
system(s) (multiboot/dual boot scenario)


Installing Oracle Solaris 11 inside a Virtual 
Machine with Live CD 

The easiest way to start using Oracle Solaris 11 is to in-
stall it into a virtual machine on top of the host operating
system running on the physical machine. The figure below 
shows Oracle Solaris 11 installed on Apple OS X using 
Oracle VM Virtual Box. 

Oracle Solaris 11 will recognize the virtualized devices 
that the virtual machine provides. If you run Oracle So- 
laris 11 in full-screen mode, you might actually forget that 
there’s another operating system running in the back- 
ground. The one drawback to this approach is that you 
need enough memory to run two operating systems si- 
multaneously — a minimum of 2 GB is recommended for 
good performance. You should also allow a minimum of 
7 GB of disk space to install the operating system in a vir-
tual machine.

Oracle VM VirtualBox is a free-to-download virtualiza-
tion application that can run on Microsoft Windows, Apple 
OS X, Linux, and Oracle Solaris x86 as host platforms, 
and supports most of the flavours of Linux, like Redhat 
& Oracle Enterprise Linux as guest OS. It also supports 
Oracle Solaris as one of its many guests. Oracle makes 
it easy to try this approach by offering a number of pre-in- 
stalled virtual machines for Oracle VM VirtualBox as appli- 
ances and VM templates that are focused towards a spe- 
cific use, for example, to evaluate the developer tools that 
are available on Oracle Solaris 11. 


Figure 5. Oracle Solaris on Apple OS X


After you have booted off the Live Media, the installation
process is straightforward. Simply click the Install Oracle
Solaris icon on the desktop to launch the graphical install-
er, shown in Figure 6.


Figure 6. The Oracle Solaris 11 Graphical Installer


As you can see from the above Figure, the installation
process is simple and asks some basic questions before
installing a fixed set of packages. After Oracle Solaris has
successfully been installed, you can easily customize the
installation by using the Package Manager. After the in-
stallation process is complete, you can reboot into your
new Oracle Solaris environment or review the Oracle So-
laris installation log, as shown in Figure 7.


Figure 7. Reviewing the Installation Log


Now you are ready to launch your work. 


industry with core expertise in Unix/Linux and
Veritas. He is currently working as Senior
Corporate Trainer with Koenig Solutions Ltd.
Nitin possesses vast experience on Unix/Linux,
Oracle Virtualization & Clustering technologies
and has also handled several projects which demand in-depth
knowledge of Unix/Linux and clustering. Nitin is Sun Certified
System Administration Certification (SCSA) & Sun Certified Network
Administration Certification (SCNA).


BSD Certification


The BSD Certification Group Inc. 
(BSDCG) is a non-profit organization 
committed to creating and 
maintaining a global certification 
standard for system administration 
on BSD based operating systems. 


WHAT CERTIFICATIONS ARE AVAILABLE?


BSDA: Entry-level certification suited for candidates 
with a general Unix background and at least six months of 
experience with BSD systems. 


BSDP: Advanced certification for senior system administrators 
with at least three years of experience on BSD systems. 
Successful BSDP candidates are able to demonstrate 

strong to expert skills in BSD Unix system administration. 


WHERE CAN I GET CERTIFIED?


We're pleased to announce that after 7 months of
negotiations and the work required to make the exam 
available in a computer based format, that the BSDA 
exam is now available at several hundred testing centers 
around the world. Paper based BSDA exams cost $75 USD. 
Computer based BSDA exams cost $150 USD. The price of 
the BSDP exams are yet to be determined. 


Payments are made through our registration website: 
https://register.bsdcertification.org//register/payment 


WHERE CAN I GET MORE INFORMATION?


More information and links to our mailing lists, LinkedIn 
groups, and Facebook group are available at our website: 
http://www.bsdcertification.org 


Registration for upcoming exam events is available at our 
registration website: 
https://register.bsdcertification.org//register/get-a-bsdcq-id 


How About Some
Raspberry Pi?


In early 2006, Eben Upton was working with undergraduate 
admissions in computer science as a PhD Candidate for the 
University of Cambridge. Working in admissions, he was 
hoping to find kids who were used to playing around with 
computers, but instead discovered something different. 
The love for figuring out how a computer functioned wasn't 
part of the college application. Eben discovered kids were 
no longer writing programs and taking apart circuit boards. 
Instead, they were playing video games or using the family 
computers to update MySpace/Facebook posts. Kids didn't 
have access to a computer they could blow up or really get 
into and discover how a computer functions. The hacking 
instinct was gone. Instead, kids going into college for 
computer science were “..consumers of computers.” (Mann) 


Eben decided that, in order to change this, there
needed to be a simple low cost alternative for kids
to use and discover a different side of comput-
ing, the side of computers that Eben, and anyone prior
to 1995, grew up discovering. Eben wanted to help kids
learn about programming, circuitry, and the basics they
had been missing in the applications he was reviewing.
Eben decided to build a cheap single board computer
called Raspberry Pi to facilitate that discovery. During his
growing up, he discovered how to take apart computers,
build programs, and discover how the systems work from
machine language to basic electronics (Figure 1).


Figure 1. Eben Upton 


I too had a similar experience growing up. I personally
came to computers in the 80’s when I was 16. My first
computer was a Commodore VIC 20. It had no hard drive
because at that time they were too expensive. Likewise, it
had no floppy drive, tape drive, and it would only boot to
ROM BASIC. My family was too poor to buy the computer
so I spent a year working to save up enough money to buy
this $100 system. But I did it, and when I brought it home
my mother wondered what I was doing. I quickly connect-
ed the RCA video connector to my black and white TV and
booted it up for the first time. I watched everything go and
for the next few months I would sit in front of that computer
and learn BASIC programming. Likewise, as time would
go on I would tear that small computer apart and discover
a world of chips, circuit boards, and amazing technology.
That large purchase would lead me to get a job at a hobby
shop repairing circuit boards and building RC cars for cus-
tomers. My whole life was surrounded by computers from
that point forward and every waking moment was spent
hunched over a computer figuring out how it worked and
how I could use it to do what I needed.




Figure 2. Commodore VIC 20 


That type of drive to learn computers is what Eben felt 
was missing in today’s students and it drove Eben to build 
the Raspberry Pi. Eben wanted to see kids have a sim- 
ple low cost computer they could build, use, and break. 
In 2009, he put together the Raspberry Pi Foundation, 
a charity built to promote the study of computer science in
schools. The one goal of the Raspberry Pi Foundation is
to help give the spirit of the hobbyist back to kids so they
can create a computer from the ground up and discover
the world that both Eben and I discovered as kids.

Remember the joy of opening up new computer equip-
ment or discovering how to use a new OS? What about
the first time you successfully compiled your program to
do some great thing and it actually compiled without er-
rors? Today, I am a Security Consultant and I get the op-
portunity to work in an environment where my hobbyist
tendencies allow me to take neat tools like this and build
something to make my life easier. I too have taken the
Raspberry Pi and used it to create a small device I use in
my own security engagements. In my Penetration Test-
ing reports, I call it “The Raspberry Pi Test”. The whole
goal of this test is to see how my customer's enterprise
will react to a small computer placed on their network.
It’s a fear all Blue Team security engineers dread and
something all Red Team penetration testers should use
in their bag of tricks.
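
From the Blue Team side of the test described above, one quick check is to look for hardware addresses whose vendor prefix (OUI) is registered to Raspberry Pi. This is an added example, not part of the original article; the ARP lines are constructed, and the function names and the three-prefix list are assumptions to refresh from the IEEE registry.

```shell
#!/bin/sh
# Added example: flag ARP table entries whose MAC prefix belongs to Raspberry Pi.

# OUI prefixes registered to Raspberry Pi (assumed list; verify against the
# current IEEE OUI registry before relying on it)
PI_OUIS="b8:27:eb dc:a6:32 e4:5f:01"

# Constructed sample of `arp -an` output in both Linux and BSD layouts.
# BSD-style output omits leading zeros inside each octet.
sample_arp() {
cat <<'EOF'
? (10.0.0.1) at 00:1b:21:3a:4f:10 [ether] on eth0
? (10.0.0.23) at B8:27:EB:4c:9a:01 [ether] on eth0
? (10.0.0.42) at 0:1c:42:0:0:8 on em0 expires in 1102 seconds [ethernet]
? (10.0.0.57) at dc:a6:32:7:b:c2 on em0 expires in 311 seconds [ethernet]
? (10.0.0.99) at (incomplete) on em0 [ethernet]
EOF
}

# find_pi_hosts
# Reads `arp -an` style lines on stdin and prints "IP MAC" for every entry
# whose normalized MAC address starts with one of the prefixes in PI_OUIS.
find_pi_hosts() {
    awk -v ouis="$PI_OUIS" '
    BEGIN {
        n = split(ouis, list, " ")
        for (i = 1; i <= n; i++) want[list[i]] = 1
    }
    {
        ip = ""; mac = ""
        for (i = 1; i <= NF; i++) {
            # the first parenthesized field is the IP address
            if ($i ~ /^\(.*\)$/ && ip == "") ip = substr($i, 2, length($i) - 2)
            # the field after "at" is the hardware address
            if ($i == "at" && i < NF) mac = tolower($(i + 1))
        }
        # skip incomplete entries and anything that is not six octets
        if (split(mac, o, ":") != 6) next
        norm = ""
        for (i = 1; i <= 6; i++) {
            if (o[i] !~ /^[0-9a-f][0-9a-f]?$/) next
            if (length(o[i]) == 1) o[i] = "0" o[i]   # restore leading zero
            norm = norm (i > 1 ? ":" : "") o[i]
        }
        if (substr(norm, 1, 8) in want) print ip, norm
    }'
}

# Demo on the constructed sample; on a live host use: arp -an | find_pi_hosts
sample_arp | find_pi_hosts
```

An OUI match is a lead to investigate rather than proof, and an empty result does not show the network is clean, since hardware addresses can be reassigned.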

It is in that spirit that I bring you this tutorial. I spent a few
weeks perfecting my installations, as I am sure you will as
well. But here is the basic tutorial regarding how to con-
struct a Raspberry Pi into a penetration testing tool.


Purchasing your Raspberry Pi 

In order to start this endeavor you will need to purchase
a Raspberry Pi. The recommended site to purchase the
Raspberry Pi is http://www.farnell.com/pi/. Choose your
country, or if you are from the United States you can go to
http://www.newark.com/. The country you choose will set
the language, shipping and the currency option for you.
Be aware that the site you choose will set up some default
values and set you up for success (Figure 3).



Figure 3. Newark Website 


Assembled or Unassembled 

There are many options when choosing your Raspber-
ry Pi. You can choose to get an unassembled board or
an assembled board. My soldering skills have not stood
the test of time and in so doing, I was not confident that
I wanted to rely on my ability to solder the first time out of
the gate. So, I purchased an assembled board. But if you
are one of those people where you feel confident in your
ability to solder then feel free to order an unassembled
board. I have since done so and I can say the experience
was great. The smell of the solder is something that sticks
with you forever.


Raspberry Pi Model A or Model B 

The next choice to make is what model to purchase. 
There are two different models called Model A or Model B. 
Most will want to purchase the Model B version because 
you will want the latest and greatest. But some on a bud- 
get may want the Model A for some sort of pet project. 
Model A is normally a $25 (US) investment; Model B is 
a $35 (US) investment. The specification differences are 
listed below: 


Figure 4. Raspberry Pi Model B


Specifications (Figure 4)


• SoC: Broadcom BCM2835 Multimedia Processor,
comprised of:

• CPU: Single-Core ARM1176JZ-F (ARMv6 ISA) at
700 MHz

• GPU: Broadcom Dual-Core VideoCore IV Media Co-
Processor

• RAM: 256MB (Model A & B)

• USB: 2x USB 2.0

• Video: 1x HDMI, 1x RCA Analogue Video

• Audio: 1x HDMI, 1x 3.5mm Analogue Jack

• Storage: SD Card

• Networking: None (Model A) or 10/100 Ethernet
(Model B)

• Additional Connectivity: GPIO, UART, I2C, SPI, CSI,
DSI, JTAG

• Actual Size: 85.6mm x 53.98mm

• Costs: Model A = $25.00; Model B = $35.00 USD


Shopping List 

Of course you are going to select and purchase your Pi,
but you will need a few accessories as well. Use this list
to identify those items.




Figure 5. Class 10 and Class 4 SD Cards 


Hard Drive 

You will need to purchase a Hard Drive for your new Pi.
Notice on the basic schematic there is no hard drive listed.
The hard drive in the unit is the SD card so if you have
one around for another project you can use it. But here is
a note about the cards: it is recommended you get a card
that is minimally a Class 4. I have had problems with cards
under a Class 4 card. One problem I would experience is
that even though I would shut down the Linux operating
system correctly, the card would still have errors on it and
a few times I lost the entire partition. So stick with experi-
ence and use a Class 4 or better. I am currently running a
Class 10 Lexar card with 16GB of space. This is a great
card and it has been rock solid (Figure 5).


Power Supply 

You will need a power supply. No giant black brick will be 
shipped with your Raspberry Pi, you will need to purchase 
one or you will need to “find” one. If you are a technologist 
like me, you have a few power supplies lying around for 
the different gadgets you use. You can buy a power sup- 
ply from Element 14 or you can use any power supply that 
is 5V at 700mA. Many mobile phone chargers fit these
criteria. I personally use my iPhone charger shown below.
It makes the entire penetration testing platform nice and 
compact (Figure 6). 


Figure 6. Raspberry Pi and iPhone Charger 


Charging Cable 

Of course, your iPhone cable is not a micro-USB power
supply, but I had one of those for another accessory. So if
you do not have a micro-USB supply you should get one
from Element 14 (Figure 7).


Figure 7. All Necessary Items Together


Video 

If you want to SEE your Raspberry Pi boot up you will
need to plug it into an HDMI compatible resource like a TV
or into a RCA video jack. I used my home TV for my test-
ing. Again, I had spare RCA cable from an old TV project
that helped me out. You may need to purchase an HDMI
or RCA cable.


Raspberry Pi Case 


Yes, you can purchase a case to go with your Raspberry
Pi. You can make it pretty or you can make it stealth; either
way the cases can be found on the site, so make sure you
get one that fits you. It is also a good investment because
you never know where you will be placing your Pi. So,
a case is a good investment to protect your new toy, which
cost anywhere from $7 and up (Figure 8).


Figure 8. Raspberry Pi Case 


Raspberry Pi Bundles 

Now, if all of this is scary and you just want to click and 
buy a bundle, feel free to do so. Newark and others have 
Raspberry Pi bundles you can buy that take all the guess 
work out of it. In fact, they have bundles that are the com- 
plete kit including a mouse and keyboard. Because this
is PenTest Magazine, I felt we would not use a keyboard
and mouse. After all, we are all experienced testers who
understand SSH and how to remotely connect to a Linux 
system. But if you want to get a complete kit to build your 
Raspberry Pi those are available as well. 

Kits come at a cost, however. The graphic below will
show you that a complete kit costs almost $85 US, where-
as I spent $35 for my Pi and $7 for my case. The other
items I had lying around the house being unused.


Figure 9. Two Kits for Raspberry Pi (Pi + Advanced Bundle, $84.99; Model A Basic Bundle)


Shopping Conclusion

So with those parts you are done shopping! Simply pur-
chase and ship your new toy and feel free to unbox it with
the joy you used to have during Christmas or Birthdays.


Unboxing your Raspberry Pi 

Your Raspberry Pi will come in an antistatic bag with all 
your other goodies. As you will see, it’s only a single board 
computer with no moving parts (Figure 10). 


Figure 10. Unboxed Raspberry Pi 


Figure 11. Scale picture for the Raspberry Pi 


Raspberry Pi Tour 

It’s often hard to understand scale when you read arti-
cles. However, the Raspberry Pi is very small. I am in-
cluding screenshots for readers to see and get an idea as
to how tall and small the Raspberry Pi is when it arrives.
As a contrast, I am using my iPhone and iPhone power
supply as scale references. The iPhone used for these
pictures is an iPhone 4S (Figure 11-16).


Figure 12. Using the bottom of my Case you can see the Raspberry Pi
is as tall as the iPhone charger


Figure 13. SD Slot with Mini-USB power on the right


Figure 14. HDMI side view


Figure 16. Serial Audio and RCA jack with the GPIO expansion port on
the right


Walk Through Conclusion 

Overall, the Raspberry Pi is a very small single board 
computer with more power than most of us had when we 
were kids. Next we will format our SD card and create 
a hard drive for our Raspberry Pi. Then we will load some
cool tools onto the card and set up our pentesting Rasp-
berry Pi.


Setting up our Raspberry Pi 

If we plug our Raspberry Pi into its video resource and pow-
er it on, all you will get is a red light on the power. I plugged
mine into RCA and power and there is no CMOS boot
screen or any indication that something is happening out-
side of the red light. I wanted to show this to you because
this is the only interface you have if something goes wrong
with your Raspberry Pi or SD Card hard drive. If your parti-
tions are damaged, or you are not giving enough power to
the Pi, you will want to review these lights for an indication
of what has gone wrong (Figure 17).


Figure 17. Raspberry Pi Diagnostics 


Many sites document the lights on the main board and 
they also document the causes of each problem. I have
used http://elinux.org/R-Pi_Hub as a troubleshooting re- 
source and it has worked well. 




Figure 18. SD Formatter 


Setting up the Hard Drive 

The Raspberry Pi Foundation has put together a great tuto-
rial on how to set up an SD Hard Drive for the Raspberry Pi.
I will be following the guide at http://www.raspberrypi.org
using a Windows OS in this demonstration. Obviously, if
you run Linux it is easy to natively fdisk and format an SD
card. The same can be said for MacOSX for that matter.
However, if you want to use Windows, you want to use
an SD formatter. I have had problems using the normal
format feature for a hard drive in Windows. Sometimes it
just does not recognize the capacity of the entire SD Card.
The Raspberry Pi Foundation mentions using this tool as
well: https://www.sdcard.org/downloads/formatter_4/eula_windows/.

Once you accept the EULA, a zip file will be sent to your 
system. Simply unzip and install the SETUP.EXE file and 
run the install. | ran the exe and clicked Next, Next, Next, 
Finish (Figure 18). When finished it is installed on your 
hard drive (Figure 19). 




Figure 20. SD Formatter Launched 




Figure 21. Completed SD Format


Double click the shortcut and launch the file. A simple
user interface is launched (Figure 20).

You will notice in the previous graphic that my drive,
size, and name of the disk were already picked up from
before. You can name it anything you desire, and click
format to begin erasing the drive. This will not repartition
the SD Card. If you want to repartition the card you will
want to use DISKPART. See the following link to partition
an SD Card in Windows:
http://www.winability.com/delete-protected-efi-disk-partition/
(Figure 21).

Once my format wizard is up and ready, I simply clicked
Format and my SD Card was formatted and ready to go.


Prepare your Pentesting Hard Drive 
Today there are a few small pentesting distributions for
the Raspberry Pi. You can choose a few different flavors
depending on what you want your Raspberry Pi to do. Or
if you are really adventurous, you can build your own
version. After all, building a pentesting system is just a
matter of creating a Linux workstation and compiling some
tools. But some people may like pentesting distributions
because it gets you going quickly. In my review, I will talk
about Linux distributions for the Raspberry Pi and show
you how to install my favorite Raspberry Pi Pentesting
Distro. Personally, I have a few SD cards with different
distributions and “options” available. I have a special
distribution that I use for WIFI cracking. I also have a
special distribution for reconnaissance or “phone home”
connectivity. No matter which way you want to go, you need
to figure this out now so you can identify the method you
will use to install an operating system.

Since my favorite distribution wants me to use the 
Raspberry Pi Debian version, we will move forward in 
that direction. 


Figure 22. Index of http://downloads.raspberrypi.org


Linux Distributions - ARM

To start, remember that your Raspberry Pi is an ARM 
based computer. This means anything you use must use 
ARM architecture. The Raspberry Pi Foundation has put 
together a few different distributions ready to image at 
http://downloads.raspberrypi.org (Figure 22). 

In some cases you can simply use a distribution from 
here. Remember, your new Raspberry Pi has some inter- 
esting connections, including that GPIO interface that will 
need drivers. If you do choose to build a hard drive using 
Red Hat Fedora, or some other Linux version, you may 
need to build proper drivers for your hardware. In this ar- 
ticle, we will use the Debian version from the Raspberry 
Pi Foundation. 


DEBIAN version for Raspberry Pi 

Simply click the Debian link and choose a download type 
you desire. The Wheezy-armel version will work great for 
what we are doing (Figure 23). 




Figure 23. Choosing the download 


My personal download times run at about 7 minutes for
the zip file. I never torrent for something so small, and
like a good security engineer, I am going to download from a
place I trust and check hashes. When the download
completes, unzip your image (Figure 24).
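
The hash check mentioned above, as an added example that is not part of the original article. It assumes the download site publishes a sha1sum/sha256sum-style checksum listing; the file name and listing in the demo are constructed.

```python
"""Check a downloaded file against a published checksum listing."""
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

# Hex digest length -> hashlib algorithm name.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256", 128: "sha512"}
HEX_DIGITS = set("0123456789abcdef")


def parse_checksum_listing(text):
    """Parse '<hex digest>  <filename>' lines into {filename: digest}.

    Blank lines, comments and malformed lines are skipped, never trusted.
    """
    digests = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest = parts[0].lower()
        # sha1sum marks binary mode with a leading '*' on the file name.
        name = parts[1].lstrip("*").strip()
        if len(digest) in ALGO_BY_HEX_LEN and set(digest) <= HEX_DIGITS:
            digests[name] = digest
    return digests


def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash in chunks so a multi-gigabyte image never sits in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, listing_text):
    """Return (ok, reason). A file absent from the listing fails the check."""
    expected = parse_checksum_listing(listing_text).get(Path(path).name)
    if expected is None:
        return False, "no published digest for this file name"
    algorithm = ALGO_BY_HEX_LEN[len(expected)]
    actual = file_digest(path, algorithm)
    if hmac.compare_digest(actual, expected):
        return True, f"{algorithm} matches"
    return False, f"{algorithm} mismatch: got {actual}"


if __name__ == "__main__":
    # Constructed demo: a small stand-in file and a sha1sum-style listing.
    payload = b"constructed stand-in for a downloaded image\n" * 1024
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "example-image.zip")
        with open(target, "wb") as fh:
            fh.write(payload)
        listing = hashlib.sha1(payload).hexdigest() + "  example-image.zip\n"
        print(verify_download(target, listing))
        print(verify_download(target, "0" * 40 + "  example-image.zip\n"))
```

Fetch the checksum listing over HTTPS from the project's own site rather than from the mirror that served the file; a digest that travels with the download only shows the transfer was not corrupted.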


Figure 24. Unzipper Wheezy


Imaging your SD Hard Drive

Now that you have your Debian Image for Raspberry Pi,
we can image it to your SD Card. The image will only take
up 4gb of space, so I am glad I have a 16gb card. To
image my SD card, I am going to use WINDISKIMAGER
(Figure 25).


Figure 25. Drive with Win32DiskImager and my Wheezy image




Figure 26. Creating a SD Card Image 


Double click on Win32DiskImager if you have it; otherwise,
you can get it from SourceForge at
http://sourceforge.net/projects/win32diskimager/. Once it
opens, select your image file using the folder icon, then
check that the image is going to the right drive, which in
my case is the F drive. Once you are ready, click on the
WRITE button and your SD Card will be imaged (Figure 26).

This process can take a few minutes depending on the 
speed of your SD Card. Here is a brief discussion about 
a Class 10 vs. Class 4 SD Cards. A Class 10 card can 
write at 10mb per second which means faster image ex- 
panding. A Class 4 card can read/write at 4mb/s. So again, 
a faster card could give you better results. When the write 
is finished you will get a “Done” message. 


Image is done, now what? 
Since we are using Windows, let’s check out our SD Card 
and see what's on it (Figure 27). 




Figure 27. Booting SD card 


Right away, you will see that the card now registers
less than the full size of the SD Card. I am using a 16gb
card but it reads that the F drive is 56mb and 37.5 is free.
This is because the card was reformatted for the image
so there are two partitions on this card. One is the Linux
boot 56mb drive, and the second drive is the remainder of
the 4GB image. That remainder will be your root partition
once the Raspberry Pi boots up. We will expand this 4GB
to my full 16GB a little later in this demo.


Figure 28. First Boot


Safely eject your card from the system and plug it into
your Raspberry Pi. I am going to let it boot up and
obtain an IP address on my network that is running DHCP
through the Ethernet port. So that means I will need to
cable up my RJ45 prior to boot.

Here you can see my Raspberry Pi ready for its first 
boot (Figure 28). 

As you can see, my Raspberry Pi is running RCA video,
RJ45 cable, power, and my SD Card is put in upside
down. It only goes one way so you will figure that out.
But also note that the lights on the Raspberry Pi are all
lit. I have good power, it has booted, and the NIC activity
lights are running. IT’S ALIVE! What do we see from my
TV? (Figure 29)


Figure 30. First Boot Screen 


If you were to view it from the TV, you would see a
normal Linux style boot up with a Raspberry Pi logo in the
top left; when it’s done, it goes right into the Raspberry Pi
Software Configuration tool (raspi-config). This means it
booted up correctly and it’s ready to configure. But I don’t
have a keyboard or mouse on mine. I need to SSH into my
Raspberry Pi. Since I am in my office network, I can
simply get the IP from my DHCP logs. If you can't identify
the DHCP address, then maybe a USB keyboard is an option
for you (Figure 30).

When you first SSH into your Raspberry Pi using the 
Wheezy image the username will be “pi” and the pass- 
word is “raspberry”. Take a quick look around and you will 
see that it’s a normal Linux Debian installation. If you per- 
form the command “df” you will see you are not using your 
full SD card. You need to expand the operating system 
to fill the full size of the SD card if you have a card larger 
than 2gb.


Figure 31. Screen after using Disk Free command


RASPI-CONFIG - Setup your Raspberry Pi 

Now that you are in the console you should run
“sudo raspi-config” to configure your Raspberry Pi. First
we will expand the filesystem to use all the space on our
SD card. Use the arrow keys in your SSH connection to
select option 1 and expand the file system. When you are
done, feel free to reboot your Raspberry Pi so it can finish
expanding the filesystem. Here are some other features you
may want to change:


• Change User Password: After all, we did just publish
your username/password.

• Enable boot to desktop if you are going to use this
Raspberry Pi as a desktop.

• Internationalisation Options as necessary.

• Enable Camera? Yes if you buy an Arduino connection
for GPIO interface.

• Overclock — yes you can overclock your little
Raspberry Pi! Use caution, there is no heat sink.

• Advanced options — Check them out, easy stuff, but
there is an update feature there!

• Update if you are inclined.


Normal Raspberry Pi to Penetration Testing
Raspberry Pi

At this stage you have a normal Raspberry Pi using
standard Linux Debian. But you don’t want a regular
Raspberry Pi, you want a Pi that has cool tools on it. Again,
you can start here to install Header files and GCC to build
your tools; or you could use a Pentest distribution. I am
going to opt for a distribution so you can see how that
works.


Figure 33. PWNIE Express installation


There are two core distributions I like for Penetration
Testing. PWNPI from http://www.pwnpi.net has a great
distribution that has some good tools. However, I really
love the PWNIE Express distribution that is available in
both a purchased tool and a community version. Since
I see many Pentesters love Backtrack and Kali, I will opt
for PWNIE Express in this demo. It’s more involved to
setup than others, but it does bring a bunch of great tools
including SET, kismet, aircrack, netcat, and a bunch of
others ready to go. You can get PWNIE Express at
http://blog.pwnieexpress.com.


PWNIE Express Installation

Once you go to the blog site for PWNIE Express, you can
simply follow the steps for installing GIT and running the
install.


• First do the basics, ping out to confirm you have
access to the internet from your Raspberry Pi and then
update APT by running “sudo apt-get update”.

• After this, run “sudo apt-get install git” to install GIT.

• Finally, run the GIT command to get the PWNIE
Express installer:
“git clone https://github.com/pwnieexpress/Raspberry-Pwn.git”
(Figure 32).


After the installer is installed simply run the installation 
command (Figure 33). 

Note that you will need to change directory into
Raspberry-Pwn that was created in the folder you ran the GIT
command. I ran my GIT command in the home folder for
Pi. Once you change into the Raspberry-Pwn directory,
execute the command ./INSTALL_raspberry_pwn.sh.

This command will install the GIT repository for PWNIE 
Express (Figure 34). 

You will see the PWNIE Express installation begin up- 
dating/installing packages to support the PWNIE Express 
distribution (Figure 35). 

This process will continue until the installation is com- 
plete. Depending on the speed of your internet connec- 
tion, and class level of the SD Card, your install may take 
some time. My install took half an hour. 


Cleaning up 

At this stage of the installation you have a Raspberry
Pi setup ready to perform penetration testing. Much like
a BackTrack installation, many of the testing tools are
placed in the /pentest folder (Figure 36). As you can see,
my 16gb SD Card has 12gb of space remaining on the
root partition (Figure 37). And I have a lot of free memory
to use for the next engagement (Figure 38).


Figure 36. Pentesting Tools


Figure 37. Root


Overall, this new Raspberry Pi is set and ready to go.
All that needs to be done is turn it on and tell it what to do.


Extending the power of the Raspberry Pi for 
automated attacks 

In my engagements, I have programmed a script to do
many things. Setup in the /etc/init.d folder, my script auto
launches on boot up and performs recon scanning of an
enterprise for my engagement. Then it opens up two SSH
tunnels, one standard SSH reverse shell and another
HTTP reverse shell. The first thing I do on an engagement
is turn on my Raspberry Pi and let it work. It does a lot of
the basic Recon work and simple exploitation. Fully
programmable, and ready to go, a Raspberry Pi is a great
tool to use on my penetration tests and, with this how-to,
you can build your own in minimal time.


Security Consultant at Nth Generation Computing. 




COLUMN 


With the latest successful hacking attempt
on the edgy Ashley Madison dating site,
what are the ethical and security implications
as a new thinking infiltrates the deeper
and darker sides of human nature?


When the news of the Ashley Madison hack
reached the public domain, there are three
words that describe the emotions and mental
state of a large number of their subscribers. Raw, unadul- 
terated, fear. One member admits to being so overcome 
with the threat of exposure, and the corresponding shame 
that could entail, that he was physically sick. While much 
has been made over the years about the potential physical 
harm that technology can subject our bodies to — from re- 
petitive strain injury and microwave radiation to poor eye- 
sight and short attention spans amongst the social me- 
dia addicted — this must be one of the first admissions in 
the mainstream press that the Internet can literally make 
you ill. Of course, it is easy to take the moral high ground 
and say “If you don’t want the time — don’t do the crime” 
but this ignores the inherent cognitive dissonance that 
goes along with all human interaction with technology. We 
seem to have lost that thin membrane of ethical and mor- 
al judgement that insulates us from making catastroph- 
ic decisions normally present in our day to day interac- 
tions with colleagues, friends and neighbours. To some, 
this is an excellent opportunity for exploitation, riches and 
the furthering of certain ideologies. To others, though, ac- 
cess via this dark portal will be costly indeed. 


Unfortunately, the problem extends well past singu- 
lar examples such as Ashley Madison, porn sites, drug 
deals on Tor, or whatever particular moral poison takes 
your fancy. The technology sector, like many other pro- 
fessional and business sectors, has swallowed whole 
the concept of situation ethics, where rules are based on 
context rather than absolutes. This is incredibly ironic, 
as we all know that the current generation of comput- 
ers have a brutal form of logic that is simplistic in the
extreme — 1 or 0, on or off, true or false. For all the
abstraction, the layers of programming and intelligence, it
all boils down to binary. And here lies the quandary —
do we live in a universe of absolutes, good versus evil,
yin versus yang, or is there a grey area in between? No
matter whether the underlying architecture of technology
is a true representation of moral value or not, the
corresponding integration of hyper-efficiency into a society
where inefficiency is de rigueur spells trouble. All humans
have feet of clay. Like a man walking along a cliff edge,
each step is one based on faith that the ground will
support his weight, yet the foolhardy race along as if
stepping on reinforced concrete.


Somewhere along the way, our institutions, our nations, 
our society, have turned a blind eye to the revolution that 
is taking place beneath our feet. We are now so much 
more accountable to the system, to the established order, 
that the slow constriction of our liberties and choices — 
like the frog being boiled in water — has become a regular 
part of life to be met with the shrug of our shoulders and 
a pragmatic acceptance that all will end well. In America, 
while there still resides a strong movement that is fiercely 
independent and self sufficient, the cashless, computer 
based society has virtually consumed society, unlike the 
rest of the world, where electricity and clean water could 
be considered a luxury. 85% of Americans are now online, 
and it is becoming clearer that those who are not digitally 
engaged will be at a major loss. Irrespective of our online 
status, the current mantra of efficiency, connectedness 
and online presence has taken root in management cul- 
ture to such an extent that anyone suggesting a consid- 
ered approach rather than one based on hype and stake- 
holder value is regarded as a heretic.

Even as far back as the 1960's, the alarm bells were
ringing in popular culture as to the ramifications of
computing. The Moody Blues, with the track “In The
Beginning”, warned us of the potential risk of becoming
magnetic ink. The corresponding loss of identity, the tools
of dehumanisation and calculated or perceived value under
measurement (metrics) always presents a grave danger when
handed to those distanced from society and real life. The
psychological pathologies which drive dictatorships and
fascists naturally cause them to embrace the leverage of
control. And so there may be a silver lining to this
incident that has morally shaken many. First of all, the
hacking group may well have done the IT community a huge
favour by exposing the Achilles heel of data security in
terms that the general populace can relate to. In the
1800’s, the Luddites were a force to be reckoned
with — the British army faced down more rebellions over
the mechanical loom than Napoleon’s troops on mainland
Europe. Hopefully, society will begin to address the
cognitive dissonance that runs throughout our culture when
it comes to technology, its innovation, management and
application for the greater good. Secondly, along with the
other high profile attacks that have plagued the US
recently, maybe the government and law enforcement will
start taking the issue a bit more seriously. Assuming that
50% of the compromised records belong to US citizens,
it is estimated that over 60,000 government employees
will have been targeted, the same number again with
top security clearance. This is a major security risk that
makes the likes of the Philby and Maclean or the
Profumo affairs pale into minor significance.


While the bean counters, HR drones and PR
spinmeisters still have executive privilege, a comfortable
window seat and the willing ear of corporate
leadership, while engineers and technologists are
seconded to dusty basements, out of sight, this
trend will continue. Data and information security
may not be at the top of the agenda quite yet,
but I will be very surprised if there are not more
than a few CEOs and CTOs who, after this incident,
will be having a private and corporate rethink
about the serious matters of risk, strategy
and security.


Rob Somerville has been passionate about technology since
his early teens. A keen advocate of open systems since the
mid-eighties, he has worked in many corporate sectors
including finance, automotive, airlines, government and
media in a variety of roles from technical support, system
administrator, developer, systems integrator and IT manager.
He has moved on from CP/M and nixie tubes but keeps a
soldering iron handy just in case.


How to Use eEye Retina On Red Hat/UNIX/Linux Systems

REBECCA WYNN


You can use eEye Retina on Red Hat/UNIX/Linux systems.
The article below gives some details on how to do it.


What you will learn... 


- How to use eEye Retina against Red Hat/UNIX/Linux systems 


When auditing Red Hat/UNIX/Linux systems,
Retina will attempt to remotely access the target
system using Secure Shell (SSH). The credential
used by Retina must be allowed to log in using
SSH. The SSH server can use v1 or v2 of the SSH
protocol. The authentication method must be password based.
When configuring Retina to audit UNIX/Linux systems,
a credential that is allowed to log in using SSH should be
added to the Retina credential manager. Usually, the
credential is added as domain\username, the typical format
for win32 or win64 systems. For the UNIX/Linux systems, you
do not need to add the domain part of the credential. For
example:


Win64 Credential: MYDOMAIN\Administrator 
Win32 Credential: MYDOMAIN\Administrator 
UNIX credential: Administrator 


Linux credential: root 


When creating a scan job in Retina, you can select
the stored credentials, which allows Retina to have both
a win32 or win64 credential and a UNIX/Linux
credential. When the target system is scanned, the stored
credentials will be tried until one is found to allow access
or none are allowed.


What you should know...


- Basic understanding of UNIX or Linux operating systems, SSH/
shell commands, and permissions.

There are some configuration settings for the SSHD
daemon that must be considered. Retina will only perform
Password Authentication. This means the
PasswordAuthentication option in the SSHD config file must
be set to Yes.

To use the root account for access, you must also allow
this in the SSHD configuration by setting
PermitRootLogin to Yes. The Protocol can be 1 or 2 or both.

The hosts.allow and hosts.deny files should be
configured to control access from remote systems.

eEye also recommends disabling the ‘Reverse DNS Lookup’
configuration within SSH. This setting in SSH (on the
target) can slow down Retina’s scanning performance. By
disabling ‘Reverse DNS Lookup’ on the SSH target, the target
will not perform a DNS lookup after each SSH connection.

Most major UNIX/Linux vendors use a version of
OpenSSH. The above referenced settings are typical of
OpenSSH implementations. Specific versions of UNIX
could vary to some degree. The important idea is that
Retina doesn't know or have any preference for one
implementation over another.

You do not need root access. It is generally a bad
practice to allow root access from anywhere
except the console itself. Allowing root to connect using
any means remotely is not recommended. When scanning
remote systems, Retina will attempt to find identifiers for
known vulnerabilities through several methods. One
common method is to review the package database to
determine what patches could be installed. Depending on the
UNIX/Linux system itself, the package database may not
allow a non-privileged user access to it. If this occurs, you
may need to add the user that will be used within Retina to
some specific groups. SUDO support is available.
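
A check of the sshd_config settings discussed above, as an added example (not eEye's code and not part of the original article). It assumes OpenSSH keyword names, takes UseDNS to be the OpenSSH option behind 'Reverse DNS Lookup', and runs on a constructed sample configuration.

```python
"""Report sshd_config settings that affect a password-based scanner login."""
import re

# OpenSSH keywords for the settings the article discusses.
# Assumption: UseDNS is the option behind 'Reverse DNS Lookup'.
KEYWORDS = ("passwordauthentication", "permitrootlogin", "protocol", "usedns")

# Constructed sample, not taken from a real host.
SAMPLE_CONFIG = """\
Protocol 2,1
PermitRootLogin yes
passwordauthentication no
PasswordAuthentication yes
UseDNS yes

Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""


def effective_global_settings(config_text):
    """Return {keyword: value} for the global section of an sshd_config.

    sshd keeps the first value it reads for a keyword, keywords are
    case-insensitive, and lines after 'Match' are conditional, so parsing
    stops at the first Match line.
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Tolerate 'Keyword=value' as well as 'Keyword value'.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if len(parts) < 2 or not parts[1].strip():
            continue
        value = parts[1].split()[0].strip('"').lower()
        if keyword in KEYWORDS and keyword not in settings:
            settings[keyword] = value
    return settings


def scan_readiness(config_text, scan_as_root=False):
    """Return (level, message) findings for a password-only scan account."""
    s = effective_global_settings(config_text)
    findings = []
    pa = s.get("passwordauthentication")
    if pa == "no":
        findings.append(("BLOCKER", "PasswordAuthentication no: "
                         "a password-only scanner cannot log in"))
    elif pa is None:
        findings.append(("INFO", "PasswordAuthentication not set: "
                         "the sshd version default applies"))
    prl = s.get("permitrootlogin")
    if scan_as_root and prl != "yes":
        findings.append(("BLOCKER", f"PermitRootLogin {prl or 'unset'}: "
                         "root password login is not guaranteed"))
    if not scan_as_root and prl == "yes":
        findings.append(("RISK", "PermitRootLogin yes is not needed "
                         "for a non-root scan account"))
    if "1" in s.get("protocol", "").split(","):
        findings.append(("RISK", "Protocol line enables obsolete SSH v1"))
    if s.get("usedns") == "yes":
        findings.append(("SLOW", "UseDNS yes: a reverse lookup runs "
                         "on every scanner connection"))
    return findings


if __name__ == "__main__":
    for level, message in scan_readiness(SAMPLE_CONFIG):
        print(f"{level:8} {message}")
```

In the sample the lower-case `passwordauthentication no` wins over the later `yes`, and the `Match` block does not change the global result, which is why the scanner login would fail on this host.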


How to Enable SUDO Support for Retina 
In order to provide for more flexibility for scanning of Unix/ 
Linux targets, Retina additionally supports environments that 
implement the SUDO security framework. SUDO support in 
Retina is disabled by default and is configured through regis- 
try entries. To Enable SUDO perform the following: 


1.) Use the Windows Registry Editor (Start > Run >
regedit) to view the following registry key, and add the
following value to this key, or modify it if the value
already exists:

For 32-bit systems:
HKEY_LOCAL_MACHINE\SOFTWARE\eEye\Retina\5.0\Settings\AuditRemote

For 64-bit systems:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eEye\Retina\5.0\Settings\AuditRemote

Value: EnableSUDO
Value Type: REG_DWORD
Value Data: 0x0 (Hex) — Default (SUDO off)


2.) Set the EnableSUDO data to 1

Value: EnableSUDO
Value Type: REG_DWORD
Value Data: 0x1 (Hex) - SUDO on


Note
When scanning a UNIX system, you will want to look for
this specific audit in the results to indicate if the SSH
connection was NOT established during the scan. If you find
this audit in the results, stop and investigate why SSH was
not established and then re-scan. If you use any Audit
Group other than All Audits, please ensure that this audit
is included in the Audit Group before scanning.
Audit ID and Name: 2264 — SSH Local Access not available.
Additional Reference:
http://www.eeye.com/Files/Community/Retina-Best-Practices.pdf.


Rebecca Wynn, DHL, MBA, CCISO, CISSP, CRISC, LPT, CWNA, CIWSA,
CIWSP, MCP, MCTS SQL Server 2005, GSEC, CCSK, ITILv3, NSA/CNSS
NSTISSI 4011-4016 is a Lead/Senior Principal Security Engineer with
NCI Information Systems, Inc. She has been on the Editorial Advisory
Board for Hakin9 Practical Protection IT Security Magazine since
2008 and is a Privacy by Design Ambassador under Ann Cavoukian,
Ph.D the Information & Privacy Commissioner for Ontario, Canada
(www.privacybydesign.ca).


